The original IFrame. Embedding an image within an image, called the Droste effect, via Wikipedia

---

IFrames let you stick a webpage within a webpage. This is cool, but can quickly lead to Inception style weirdness and thought crime. They have been shunned by the web design community for decades, until Facebook brought them back this year, for folding the web into Facebook pages.

When I first learned HTML, I thought IFrames were amazing. Instead of having one HTML page, you could divide up the window into frames, each being a different page. The possibilities were endless. At some point, however, IFrames became really uncool, the equivalent of giving your website a jheri curl. Hated even. But now Facebook is using IFrames. So I guess they’re cool again.

Why IFrames Suck

Image from The World’s Worst Website

IFrames are generally hideous, like the example above. But they don’t necessarily have to be. As usability guru Jakob Nielsen pointed out in 1996, iframes kinda break the Internet. The URL bar on the top no longer tells you where you are, you can’t naturally bookmark or share pages, they break the concept of the webpage as a unitary object, and they drive search engines crazy. That latter reason more than anything was why people largely abandoned them. Frames simply became bad business.

Why IFrames Really Suck

That’s simply bad design. IFrames can be used for much worse evil. The latest WordPress update (3.1.4, released today, please update now) protects against something called clickjacking. This is a variant of the Confused Deputy problem, also known as ‘Who Shot The Sherriff?’

Essentially, you think you’re on one page, but there’s another invisible page layered on top of it. As an example

The user receives an email with a link to a video about a news item, but another valid page, say a product page on amazon.com, can be “hidden” on top or underneath the “PLAY” button of the news video. The user tries to “play” the video but actually “buys” the product from Amazon (Wikipedia)

This is horrible. Have I seen less malicious IFrame hacks on my own sites? Why yes I have.

How Facebook Made IFrames Cool Again

Facebook IFrame tunnel. Obviously bad usage, correct usage generally looks cool. Image by Ruiwen

Regardless, indi.ca now uses IFrames. If you scroll down, the Facebook social box is an IFrame. Facebook has brought IFrames from 1996 back to the future. But why? And how?

Because IFrames are actually awesome. They enable you to put a whole application inside another page without recoding it there or without using Javascript. It’s because of their power that they’re used for evil. They’re like swords. Or MSG.

Facebook needs IFrames because people (especially companies with pages) have outgrown the limited feature set that Facebook provides. Facebook isn’t actually the web, it is its own walled garden, running on deeply customized code and a very different philosophy. Companies, however, want to put their product or about pages without dealing with that. So IFrames simply let them slap their own HTML into the walled garden.

This has security problems, but so does everything. What IFrames do, uh, do is enable Facebook to effectively fold the outside Internet into its pages structure. Which is a bit annoying, but still something companies are happy to do (Mashable).

So, that’s how Facebook brought IFrames back. I hope they suck less this time around.

Posted on Thursday, June 30th, 2011 in Art, Design, facebook, Tech.